From: Andy Polyakov <appro@openssl.org>
Date: Sat, 29 Oct 2011 19:25:13 +0000 (+0000)
Subject: bn_exp.c: fix corner case in new constant-time code.
X-Git-Tag: master-post-reformat~2127
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=093388711298d91223f20bd75d44f614335b3e75

bn_exp.c: fix corner case in new constant-time code.

Submitted by: Emilia Kasper
---

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 5c492365f3..8454d42f84 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -693,6 +693,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
 	BN_ULONG *np=mont->N.d, *n0=mont->n0;
 
+	/* BN_to_montgomery can contaminate words above .top
+	 * [in BN_DEBUG[_DEBUG] build]... */
+	for (i=am.top; i<top; i++)	am.d[i]=0;
+	for (i=tmp.top; i<top; i++)	tmp.d[i]=0;
+
 	bn_scatter5(tmp.d,top,powerbuf,0);
 	bn_scatter5(am.d,am.top,powerbuf,1);
 	bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);